Data Security and Privacy with the Privacy Professor

Rebecca Herold

There are more information security and privacy threats than ever before. As more technologies emerge, more surveillance tactics are used, and more artificial intelligence systems are deployed, cybersecurity and privacy risks grow exponentially. Rebecca has spent her entire career working to improve information security and privacy protections, by not only raising awareness of the issues within businesses and other types of organizations, but also by raising the awareness of these risks in the public and helping them to understand how to better protect their own personal data, allowing them to take their privacy protections into their own hands. Rebecca offers information about these existing and emerging security and privacy risks and provides fresh insights into the impacts of exploiting these risks, and gives guidance, tips, expert advice and news, with fascinating guests, to help all organizations, and the general public, understand what they need to do to mitigate these risks.
Technology

Episodes

Individuals & Businesses: Mitigate! Those! Risks!
Jun 3 2023
Everyone is at risk of cybercrime, privacy breaches, and associated physical risks. Individuals in their personal lives, as well as businesses and their employees within work areas…which are often in homes, and other locations outside of physical business facilities…are at risk. Each and every one of them needs to understand how to recognize information security and privacy risks, and basic ways to mitigate those identified risks. But most folks don’t know how to do this. More needs to be done to raise awareness of these important life-encompassing risks if we have any chance at all of slowing down and preventing security incidents and privacy breaches. We dedicate this episode to supporting that goal! In this episode Rebecca has a highly informative discussion with Ron Woerner, a noted international consultant, keynote speaker, teacher, blogger, and writer in the Privacy and Cybersecurity industry. The show starts with the inaugural episode of the new game show, “Mitigate! That! Risk!” Discussion then covers the following: • What are risks in personal lives, as opposed to in business? • What is risk management? • What has been the most significant change in risk management since Ron started his security and privacy career? • What has stayed the same for risk management since the beginning of Ron’s career? • What is zero trust, as it relates to risk management? • What is data centric security, as it relates to risk management? • And more… Please listen in! #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #RiskAssessment #RiskAnalysis
IoT Stalking, IoT Jewelry, JuiceJacking, AI, CheckWashing & More!
May 6 2023
In this episode Rebecca continues answering a few more of the hundreds of questions she has received from listeners and readers throughout the past few months, covering a wide range of topics. Some of the questions include: • What happened to those men, bar owners, who were arrested for stalking a woman by using digital tracking devices there in Des Moines, Iowa? Did they go to prison? What laws apply? Hear Rebecca’s answers, in addition to other associated news and points about IoT trackers, and how to identify if they are stalking you. • The FBI and FCC recently warned that those free USB charging stations in public spaces, such as airports, hotels, hospitals, etc., can have devices hidden within them to steal data, spread malware, etc. Didn’t you discuss this in a previous episode? What are some other ways to prevent such skimmers from stealing data? What other harms can result from such skimmers and modified charging cords? Rebecca answers these, and provides some additional helpful information for this threat. • A family member was a victim of check washing! Are there any more tips you have about how to prevent check washing that you can provide in addition to those you described in your December 2022 Privacy Professor Tips message? • I received a pretty “smart” necklace for Hanukkah that, if you press the button on the charm twice, texts and GPS location will immediately be sent to up to five friends/family members to let them know help is needed. With an option to also contact 911. It sounds like it could be extremely privacy-invasive. What tips do you have for me to use this in a secure, privacy-protecting way? Rebecca provides several suggestions, along with a real-life case of IoT being used to track down an assault victim. • Do you think AI and ML will help to reduce financial cybercrime or make it worse? Rebecca’s answer may surprise you! • And more… Rebecca provides answers that all listeners, anywhere in the world, can use.
#Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Spam #Spoofing #Dobbs #DobbsLeak #Government Security #IoT #IoTSecurity #IoTPrivacy #LocationTrackers #IoTAssaults #IoTCrime #AI #ArtificialIntelligence #ML #MachineLearning #CheckWashing #StalkingLaws #CyberStalking #USBSkimmers #JuiceJacking #Malware
AI Challenges & Risks: Security, Privacy, Bias & Ethics
Apr 1 2023
AI has quickly become pervasive in all our lives. But, how can it impact us? Consider a couple of examples. Lensa is an app that takes real photos and uses AI to make art images from them. Millions have used it. Others are concerned about the related privacy and intellectual property rights problems it creates. Lensa uses a huge open-source collection of data to train its AI that contains more than 5 billion publicly accessible images that it categorizes as “research.” However, it not only includes copyrighted work, but also personal medical records and images, as well as disturbing images of violence and sexual abuse, many from police reports. This creates privacy, copyright and other intellectual property rights, legal and compliance concerns. Another AI tool, ChatGPT, surpassed 100 million users early in 2023 and is creating a large and growing number of concerns about security, privacy, intellectual property and legal risks. Use of artificial intelligence (AI) is predicted to grow by more than 25% each year for the next five years and could contribute over $15 trillion to the global economy by 2030. Many questions need to be answered about AI! Listen in to hear my conversation with Pamela Gupta about a wide range of AI issues. • Who is ensuring the AI algorithms are secure? And accurate? • What happens if someone’s private photos show up incorporated into an AI generated image? • What are the privacy risks? • What are the security risks? • What are the ethical considerations for AI use? • What are the dangers of biased AI? • What are the “Essential Trusted AI Pillars”? Pamela answers these and many more questions. See more about Pamela Gupta at https://www.outsecure.com/. #PamelaGupta #AI #ArtificialIntelligence #ChatGPT #Lensa #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Cybercriminals
“Romance Scammers Have Used My Photos Since 2016”
Mar 4 2023
Bryan Denny served as an officer in the U.S. Army for 26 years. In 2016, Bryan’s photos were stolen and used to build thousands of fake profiles. Kathy Waters has logged over 4,000 volunteer hours helping those like Bryan Denny whose identity has been stolen, as well as the women and men who have fallen victim to the scammers. Each day new headlines report the financial and emotional destruction that romance scammers wreak on their victims’ lives, who include both the targeted victims of the scams, and those whose images are used by the criminals to commit the crimes. Listen in to hear my riveting conversation with Bryan Denny and Kathy Waters as they describe the vast amount of damage romance scammers are increasingly causing. • How did Bryan discover his identity was being used for romance scams? • How did Kathy get involved with helping hundreds of romance scam victims? • What tactics do romance scammers use? • What are some of the real-life experiences of romance scam victims? • Why are romance scammers so successful with their crimes? • How can you spot a likely romance scammer? • To what groups, agencies, etc. should romance scammers be reported? Kathy and Bryan answer these and many more questions. See more about Kathy Waters and Bryan Denny at https://advocatingforu.com/meet-the-board #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #IDTheft #IdentityTheft #IDFraud #IdentityFraud #Cybercriminals #RomanceScams #ScamVictims
Dobbs Leak, Airtags, Spam, Spoofed Email, & Data Privacy Day!
Feb 4 2023
It has been almost three years since Rebecca has done a show answering listener questions; it is time she did another one! In this episode she answers a wide range of questions. Some of the questions include: • Why are location trackers (Apple Airtag, Tile, etc.) bad from a privacy perspective? They aren’t even sending any personal information; just location. Should they be outlawed if they are actually bad? Listen in to hear not only her answer, but how she explains what engineers need to consider in the design of these, and other types of, IoT products. • How do you think the Dobbs decision was leaked last year from the US Supreme Court? Rebecca provides some insightful theories that have not yet been discussed anywhere else! • Some spam blockers, like AOL spam blocker, are not effective against email addresses. How can more email spam be blocked? Rebecca provides some good advice in response. • How can spoofed emails be prevented? Everyone needs to hear Rebecca’s answer to this. • Should spoofed emails be reported? To where? Rebecca provides answers that all listeners, anywhere in the world, can use. Listen in to hear the answers to these, and more, questions. #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #Awareness #Education #Spam #Spoofing #Dobbs #DobbsLeak #Government Security #IoT #IoTSecurity #IoTPrivacy #LocationTrackers #IoTAssaults #IoTCrime
Privacy & Cybersecurity for Your Life During the Holidays
Dec 3 2022
Are you armed with the privacy and security knowledge and awareness necessary to identify all the holiday scams and cybercrooks that emerge and try not only new scams and crimes, but also all the same scams and crimes that have proven to be effective year after year for decades? Are you prepared to help those to whom you give tech gifts so that they use them in the most secure and privacy-protecting way possible? Can you secure those tech gadgets that you receive as gifts to keep the hackers from accessing them and using them to steal your money or commit identity fraud to basically steal your life? You all need to maintain a high level of awareness and knowledge about privacy and cybersecurity for your life during the holidays. Listen in to hear my conversation with two cybersecurity and privacy experts, who answer these and many more questions. Cheryl Jackson and Todd Fitzgerald have spent their entire careers dedicated to educating and raising the awareness of security and privacy issues for their co-workers, clients and the general public. Todd and Cheryl also share a huge amount of information about awareness events and education they’ve provided over the years, including those that were huge successes, and a few that were not so successful, and describe why. Please tune in! #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #HolidayScams #PersonalData #Awareness #Education
Let’s Stop the Robocall Scammers!
Nov 5 2022
Everyone is inundated with robocalls! Many of them are legitimate, such as those providing notifications about environmental threats such as hurricanes and tornadoes. And those giving alerts about missing persons. And there are many others that are legal, but can still be quite annoying, such as from political candidates. There are also increasingly more robocalls that are used to commit scams and a wide range of crimes. Security expert Ben Rothke is fed up with all these robocall scammers! Ben has been researching this longtime and constantly evolving scam for many years. In fact, he has amassed over 100 recorded scam calls that he provides to the public to raise their awareness for identifying these scammers. During this episode Ben describes many different ways that robocalls are used to commit crimes. Such as for spreading ransomware, gaining access to bank and other types of financial accounts, tricking people into buying high-dollar items, or for compelling the targeted robocall victims to send the crooks money. Listen in to hear Ben discuss these and many more different types of robocall crimes, and the tactics used. Mr. Rothke will also describe the overall problem, the security and privacy risks that they can bring, and what needs to be done to get rid of this scourge. Please tune in! #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #Cybercrime #PersonalData #RoboCalls #RobocallCrimes #RoboCallScams #PersonalData #Awareness
“Wacky Tobaccy” Laws, Privacy & Security!
Oct 1 2022
At this time in our current enlightened period in history, we're actually not enlightened with regard to cannabis benefits, medicinal uses, how to debunk disinformation that has been being spread since the 1930s, and how to protect the privacy of cannabis users, as well as their associated personal data, and the business data of the dispensaries. Have you used cannabis, of any kind in any form? Have any of your family members or friends? For recreation and/or for medicinal purposes? Do you know how or if the associated data you provided to the dispensaries was protected, shared, and used? At least 38 U.S. states, along with Washington, D.C. and 16 US territories, have legalized cannabis of some type, in some way. Want to hear which ones? Do you know which of these laws include requirements for privacy and/or data security? Do you know the current status of federal regulations for cannabis legalization? Including how HIPAA may or may not apply? Do you know what the difference is between cannabis, medical cannabis and marijuana, if any? What about the differences between CBD and THC? Do you know the medical benefits of cannabis? Do you know the ways in which the cannabis dispensaries put your data at risk? And your privacy at risk? Were you aware of the recent data privacy breaches at cannabis dispensaries? Or, about a huge security flaw that allowed 85,000 cannabis dispensary customers’ personal data to be searchable and viewable online, by anyone? Do you realize the harms that could occur to those whose personal data and associated cannabis purchasing history and related details were obtained by others? Or, if even just the financial data of a cannabis store was breached and used by competitors? Hint: They are significant! 
Popular guest and medical cannabis security and privacy expert Michelle Dumay returns for this fourth in a series of shows about current cannabis laws and regulations, personal data privacy and security risks involved with in-person and online sales, and provides some wise advice for all these issues. Please tune in to hear this enlightening discussion! #Privacy #PrivacyManagement #RiskManagement #CyberSecurity #DataSecurity #MedicalCannabis #Cannabis #Laws #Marijuana #WackyTobaccy #Dispensaries #Breach #PersonalData #HIPAA #CBD #THC
Action is Necessary to Improve Voting & Elections Security!
Sep 3 2022
Many claims have been, and still are being, made about elections and voting security, more than ever since the 2020 election. Some claim there was widespread “voting fraud.” While no process or technology, of any kind for any purpose, is 100% secure, the 2020 general elections were determined through audits and assessments by dedicated elections workers, federal and state civil servants, and cybersecurity experts, to have been the most secure in history, based on the combined results of over a thousand audits and risk assessments. However, as misinformation grows, and increasingly more types of voting devices are used, elections officials must ensure security is continually monitored, updated and improved to address newly discovered vulnerabilities and threats. Here are some facts important to know up front: Voting machine equipment, standards and procedures vary greatly from state to state, and even county to county. And, there is great diversity in the types and ages of the over 100,000 voting machines used throughout the U.S. These facts make it necessary to perform ongoing review and assessment of the physical security, cyber security, and procedural security of voting machines and procedures. Just a few key issues that must be considered for elections and voting technology security include: • How widely are voting security standards used by the over 100,000 polling locations throughout the U.S.? Who provides oversight of this? • Who are “insiders” within the election and voting ecosystem? And, what types of insider threats exist that need to be addressed? • Is the internet a threat vector to voting systems? Are the voting systems ever connected to the internet? • In what ways are voting procedures throughout the states and territories different? Would committing widespread fraud be possible? • What actions can elections officials and workers take to better protect voting systems, and the full elections process? • Where can U.S. states and territories obtain help to strengthen the security of the technologies, activities and physical components of the elections systems? Listen in to hear Marci Andino, the Sr Director, Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC) at Center for Internet Security, answer these questions, and more! #Cybersecurity #Privacy #RiskManagement #Education #MarciAndino #CISecurity #Voting #Elections #Democracy #VotingSecurity #ElectionsSecurity
Secure Coding Fixes the Top 25 Most Dangerous Software Weaknesses
Aug 6 2022
In the news every day are security incidents and privacy breaches caused by software programming errors, sloppy practices, lack of sufficient testing, and many other engineering-, coding-, and programming-related reasons. This has been progressively getting worse for the past 40, 50 years as technology has been proliferating, along with code, and different programming languages. Case in point: At the root of most Zero Day exploits is unsecure software code, created by programmers and coders who did not create the code to be secure to begin with. For the past several years the US Cybersecurity and Infrastructure Security Agency (CISA), has published their Top 25 Most Dangerous Software Weaknesses list. When looking at this list, it is clear that most, if not all, are a result of poor coding practices. A lack of secure coding! These software weaknesses are getting worse, not better, as time goes on! Listen to this episode to hear expert, pioneer, current practitioner and thought-leader for software security, Dr. Mich Kabay, discuss many real-life examples of poor coding that have resulted in problems, incidents and breaches, occurring long ago and up through those that are still occurring today. And, hear how code can be made more secure. We will also go through as many of the CISA top 25 dangerous software weaknesses as time allows to point out the coding errors and problems that made the software weak, unsecure, and dangerous. All software engineers, programmers and coders do not need to be cybersecurity experts. However, all of them *DO* need to be experts in secure coding and the applicable security and privacy standards involved in the software development life cycle (SDLC). #SecureCoding #Cybersecurity #Privacy #RiskManagement #Education #MichKabay #ZeroDay #SDLC
IoT Data Creates Frankenstein Profiles Claiming to Be You
Jul 2 2022
There are an estimated 20 – 30 billion “smart” internet of things (IoT) devices currently used in the world. Most of them are listening devices, meaning everything heard within the vicinity of the device is sent to cloud systems, analyzed, and actions are taken. This number is projected to increase to 75 – 100 billion by 2025. This data and results of artificial analysis (AI) using the words and conversations of people, and sounds, in the vicinity of the device are sent to numerous, sometimes thousands, of other third parties who then perform their own data AI and take even more actions. In most cases profiles about the individuals are made using the IoT data and AI results that are used for making many assumptions about, then taking activities impacting, the associated individuals. Targeted marketing. Loan rates and approvals. Health determinations. Deciding who is a good or bad parent. Identifying pregnancies. The list is unlimited. Even real-life activities described in science fiction, such as determining those who, in the future, are likely to commit crimes, likely to get a disease, or likely to have some other significant impact. These projections are also sent to numerous entities. Those can include law enforcement, government agencies, home owners associations, political campaigns, marketers (of course!), and many others. Even ransomware gangs and other criminals are using these digital profiles to target their victims. Wait, it gets worse! Around 10% - 25% of AI results are incorrect. And when considering people of color, this number increases, due to continuing problems with bias in AI. That translates to 2 – 7.5 billion current devices sending data about those in the vicinity of the devices, who then are having erroneous profiles made about them. And, possibly actions are being taken that will harm them in some way as a result. 
Digital personas that are Frankenstein creations resulting from often faulty AI resulting from the use of audio voices of others, and sounds around you! In this episode, Dr. Joseph Turow, author of “The Voice Catchers: How Marketers Listen In to Exploit Your Feelings, Your Privacy, and Your Wallet,” discusses his in-depth and insightful research into this topic. Dr. Turow also provides many examples, and also provides some very good advice. Please join us for a very interesting and informative discussion! #IoT #IoTPrivacy #IoTSecurity #Stalkerware #JosephTurow #TheVoiceCatchers #VoiceAnalysis #Surveillance #AI #PersonalData #MonetizingPeople
Catching KGB Hackers with 75¢ and a 2400 Baud Modem
Jun 4 2022
Nation state hackers have been trying to get into the secrets stored on computers for decades. The Russian KGB has been trying, and often succeeding, to hack into computer systems before there was a publicly accessible internet; back when the Arpanet was used primarily to connect university and government computer systems. Do you know who caught the KGB in the act of their hacking activities within these computer systems when no one else, not even the FBI or the military, was interested in finding a hacker that was getting into some of the Arpanet connected computers? Why, an astronomer, of course! Tune in to hear Dr. Clifford Stoll describe in great detail how he caught the KGB hackers, without the use of network security tools (what has been used during the past thirty years didn’t exist back then!), using his brilliance and other tools available to him at the time, such as dial-up phone line modems and reams of paper printouts. Through his perseverance and patience, he was able to catch the hackers. Dr. Stoll wrote the book, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, in 1989 which provides his first-person account of his hackers-catching odyssey. A 1990 PBS documentary, “The KGB, the Computer, and Me,” provided additional information. In this episode we cover additional facts about the hack, that include more discussion of the technical and security perspectives, still applicable, and some of the specific work that Dr. Stoll did during his tracking of the wily hackers, that actually seem to have inspired some of the tools commonly used by cybersecurity pros today…that they probably don’t even realize were first established by Clifford Stoll! We also hear Dr. Stoll’s thoughts about cybersecurity, education, technology, the importance of asking questions and curiosity, the polarimetry of Jupiter at large phase angles, Klein bottles, and much, much more. See more about Clifford Stoll at https://www.ted.com/speakers/clifford_stoll. 
See Dr. Stoll’s paper, “Polarimetry of Jupiter at Large Phase Angles” at https://repository.arizona.edu/bitstream/handle/10150/282394/azu_td_8020326_sip1_m.pdf?sequence=1&isAllowed=y #CliffordStoll #TheCuckoosEgg #KGB #Hacking #NationState #CyberEspionage #HoneyPots #DigitalSpying #RiskManagement #CyberCrime #CyberSecurity
How Stalkers & Assaulters Track & Find Victims with IoT Tech
May 7 2022
Assaulters and stalkers are increasingly using technologies to target, surveil, and attack their victims. IoT tech in particular is increasingly being used. • What types of IoT tech are being used to track down and ultimately attack the targeted victims? • What types of popular, tiny, inexpensive IoT devices are increasingly used by assaulters and stalkers for surveilling and then tracking down victims to abuse and assault? • In what ways are a variety of different types of IoT tech devices being used for these nefarious purposes? • How common are these types of attacks where IoT is used to facilitate these crimes? • In what ways do IoT devices provide a sense of false security, that then actually makes weaponizing them to commit crimes easier? • Why don’t more of the victims know that their IoT devices are being used by abusers and stalkers to track them down? • Why aren’t there more publicized criminal court cases for these incidents where IoT tech was used to facilitate attacks on the targeted victims? • What can people do to keep from being victims of assaults through the IoT devices they use? Tune in to hear Adam Dodge, founder of Ending Technology-Enabled Abuse (EndTAB), provide answers to these and many more questions, along with valuable insights and advice. See more about Adam Dodge at https://endtab.org/about-hayden #IoT #IoTPrivacy #IoTSecurity #DomesticAbuse #AdamDodge #EndTAB #AirTags #Stalkerware #DigitalLiteracyAgainstDigitalViolence
Transportation Cybersecurity & Privacy: Highway to Digital Hell?
Mar 5 2022
There have been many reports about over-the-road trucking delays causing problems throughout the full supply chain and delaying deliveries of critical products throughout all industries. However, what about the cybersecurity and privacy risks within the transportation industry? There has been little, if any, thoughtful public discussion of the wide range of surface transportation cybersecurity and privacy risks. Cybersecurity vulnerabilities could cause many more disruptions within this critical part of infrastructures within all countries! And privacy risks within the transit system are many, but usually not recognized. These weaknesses and vulnerabilities could be exploited in ways that cause a vast array of significant harms. Hear the world’s most experienced expert in transportation cybersecurity and privacy, David Elfering, discuss the issues in this episode. We will cover: • The largest cybersecurity risks within over-the-road trucking/transit systems and supporting physical structures • The greatest privacy risks within the transportation industry • The complexity of the systems used within all components of the transportation industry, including the widespread and increasing use of IoT throughout, which also increases risks • The risks that third parties and others within the supply chain bring to the transportation industry • Some significant cybersecurity and privacy risks and challenges with personnel in the transportation industry, that are not found in most other industries. See more about David Elfering at his LinkedIn page: https://www.linkedin.com/in/aroundomaha/ #Transportation #TransportationRisks #Cybersecurity #PersonalData #RiskManagement #Privacy #TruckingRisks #CriticalInfrastructure